My presentation from SharePoint Saturday UK 2013. In this session we looked at some of the questions you need to ask yourself and your potential Cloud Provider before deciding to move your corporate content into a Cloud environment.
SPSUK - When do you decide to go to the cloud?
1. When do you decide to go to The Cloud?
SharePoint Saturday UK – November 2013 – Mark Stokes
2. Mark Stokes
Red Plane
Microsoft Partner in North West UK
www.redplane.co.uk
@FlyRedPlane
Office 365, SharePoint, Azure, nopCommerce, Windows 8 Apps, Windows Phone
Apps, iOS Apps, .Net
mark.stokes@redplane.co.uk
@MarkStokes
Interests: SharePoint, Technology, Photography, Raspberry Pi, Snowboarding, Wakeboarding, Running, Tough Mudder (maybe!), My Dog - Hugo
3. Agenda
What does the Cloud mean to us?
What the marketing tells you
What the marketing doesn’t tell you
Trust – Security & Privacy
Control
Cost / Benefits
Some other things to think about
Job Security – The end of the IT Pro?
4. What does The Cloud mean to us?
Types of cloud
Private Cloud
Community Cloud
On-Premises
Public Cloud
Cloud Offerings
SaaS
PaaS
IaaS
DaaS
Characteristics (NIST)
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
5. What the marketing tells you
No upfront “infrastructure” costs
Simple per user per month licensing cost
It’s always there (99.9% uptime – Financially backed!)
Access Anywhere, Anytime on Any Device
You will save money
It’s quick, easy and idiot proof
There is no downside
It’s the future
We are “all in”
It’s what you should be doing…
6. What the marketing doesn't tell you
Upfront Costs
Awareness, education and training on new systems
You still need to “design” your cloud environment
You still need to migrate your content into The Cloud
You might need to invest in faster / more robust Internet connectivity
De-provisioning costs of existing infrastructure
Supporting Architecture – DirSync / ADFS – Single Sign-On
Vendor Lock-in
Lack of control of the platform
You will (should) save money if you do it right and have a medium to long term
strategy
How good is your MS Partner at setting up and configuring the services?
7. Service Continuity
Redundancy
Physical redundancy at server, datacenter, and service levels
Data redundancy with robust failover capabilities
Functional redundancy with offline functionality
Resiliency
Active load balancing
Automated failover with human backup
Recovery testing across failure domains
Distributed services
Distributed component services like Exchange Online, SharePoint Online, and Lync Online limit scope and impact of any failures in a component
Directory data replicated across component services insulates one service from another in any failure events
Simplified operations and deployment
Monitoring
Internal monitoring built to drive automatic recovery
Outside-in monitoring raises alerts about incidents
Extensive diagnostics provide logging, auditing, and granular tracing
Simplification
Standardized hardware reduces issue isolation complexities
Fully automated deployment models, making deployment easier than ever
Standard built-in management mechanism
Human backup
Automated recovery actions with 24/7 on-call support
Team with diverse skills on the call provides rapid response and resolution
Continuous improvement by learning from the on-call teams
8. Service Continuity
Continuous learning
Our post-incident review consists of analysis of what happened, our response, and our plan to prevent it in the future
If an incident occurs, regardless of the magnitude of impact, we do a thorough post-incident review every time
In the event your organization was affected by a service incident, we share the post-incident review with you
Consistent communication
Transparency requires consistent communication, especially when you are using the service
We have a number of communication channels such as email, RSS feeds, and the very important and highly relevant Service Health Dashboard
9. Trust - Security
Is your Cloud Provider Secure?
Do you “Trust” your cloud provider with your data?
What accreditations does your Cloud provider have (e.g. IL2 / IL3)?
Are there any recorded security breaches?
What level of security do you actually need?
Could YOU do a better job of securing your own data?
Security of Data at Rest
Security of Data in Transit
10. Trust - Privacy / Data Protection
Where is your data?
The laws of the land in the location where your data is stored
Check the small print of your Service Provider's Terms and Conditions
Who owns your data?
And what can they do with it?
PRISM
Safe Harbor
Additional questions are:
Just how private is your data REALLY?
Are hackers REALLY going to be interested in YOUR data?
If yes, then can your Cloud provider provide “at least the same” level of privacy control that
you could do yourself?
11. PRISM
Clandestine mass electronic surveillance data mining program
Operated by the US National Security Agency (NSA) since 2007
Collects stored Internet Communications based on demands made to Internet companies such
as Google, Microsoft, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL, Apple
Provides – E-mail, Chat (Video & Voice), Videos, Photos, Stored data, VoIP, File
Transfers, Video Conferencing, Notifications of target activity (logins, etc), Online Social
Networking details, Special Requests
US as the World’s Telecommunications Backbone
Much of the world's communications flow through the US
A target’s phone call, e-mail or chat will take the cheapest path, not the physically most
direct path – you can’t always predict the path.
A target’s communications could easily be flowing into and through the U.S.
12. US-EU Safe Harbor
Streamlined process for US companies to comply with EU Directive on the
protection of personal data
Companies operating in the EU are not allowed to send personal data to
countries outside of the European Economic Area unless there is a guarantee
that it will receive adequate levels of protection
Intended for organisations within the EU or US that store customer data, the Safe Harbor Principles are designed to prevent accidental information disclosure or loss.
US companies can opt into the program as long as they adhere to the 7
principles outlined in the directive.
13. US-EU Safe Harbor Principles
Notice – Individuals must be informed that their data is being collected and
how it will be used
Choice – Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties
Onward Transfer – Transfers of data to third parties may only occur to other
organisations that follow adequate data protection principles
Security – Reasonable efforts must be made to prevent loss of collected data
Data integrity – Data must be relevant and reliable for the purpose it was
collected for
Access – Individuals must be able to access information held about them, and
correct or delete it if it is inaccurate
Enforcement – There must be effective means of enforcing these rules
14. Control - Or rather the lack of
You no longer control the platform
You no longer have control over platform updates
What warning / communication do you have of impending updates?
How do you test your configuration / customisations against impending updates?
What support capability is offered? / What are the SLAs?
15. Cost benefits
Compare on-premises to cloud for certain scenarios
Focus on running your company rather than being an IT company that makes some
widgets
Short, medium or long term investment?
Capital Expenditure to Operational Expenditure
16. CapEx vs OpEx
Definition:
CAPEX – Capital expenditures are expenditures creating future benefits. A capital expenditure is incurred when a business spends money either to buy fixed assets or to add to the value of an existing asset with a useful life that extends beyond the tax year.
OPEX – OPEX refers to expenses incurred in the course of ordinary business, such as sales, general and administrative expenses (and excluding cost of goods sold – or COGS, taxes, depreciation and interest).
Also known as:
CAPEX – Capital Expense
OPEX – Operating Expenditure, Revenue Expenditure
Accounting treatment:
CAPEX – Cannot be fully deducted in the period when they were incurred. Tangible assets are depreciated and intangible assets are amortized over time.
OPEX – Operating expenses are fully deducted in the accounting period during which they were incurred.
In throughput accounting:
CAPEX – Money spent on inventory falls under CAPEX.
OPEX – The money spent turning inventory into throughput is OPEX.
In real estate terms:
CAPEX – Costs incurred for buying the income producing property.
OPEX – Costs associated with the operation and maintenance of an income producing property.
Examples:
CAPEX – Buying machinery and other equipment, acquiring intellectual property assets like patents, furniture and fixtures
OPEX – Wages, maintenance and repair of machinery, utilities, rent, SG&A expenses, license fees, office running expenses
http://www.office365-singapore.com/microsoft-office-365/office-365-opex-cost-savings/
17. Things to think about
Content Migration
Connectivity
Internet Connectivity
Cloud connectivity to on-premises LOB applications
Features
Do you need features your chosen cloud doesn't have / support?
Customisations
Developing
Deploying
Maintenance / Support - Third Party Support Contracts (changes to the platform
might break your code)
NIST – National Institute for Standards and Technology
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
SaaS – Software-as-a-Service is a model of software deployment whereby a provider licenses an application to customers for use as a service on demand. One example of SaaS is the Salesforce.com CRM application.
IaaS – Infrastructure-as-a-Service is the delivery of computer infrastructure (typically a platform virtualization environment) as a service. Rather than purchasing servers, software, data center space or network equipment, clients instead buy those resources as a fully outsourced service. One such example is Amazon Web Services.
PaaS – Platform-as-a-Service is the delivery of a computing platform and solution stack as a service. It facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers. PaaS provides the facilities required to support the complete lifecycle of building and delivering web applications and services. An example of this would be the GoogleApps.
DaaS – Desktop-as-a-Service enables users to use their desktops virtually from anywhere. Commonly known as “Desktop Virtualization”, this concept separates personal computer desktop environments from the physical machine through a client-server computing model. Nowadays, with the rise of SaaS and RIA (Rich Internet Applications), this method of usage is becoming obsolete.
IT service continuity is a subset of business continuity planning and encompasses IT disaster recovery planning and wider IT resilience planning. It is the process of assessing and managing risks associated with information technology (IT) departments. It involves the evaluation of values, threats, risks, vulnerabilities and development of countermeasures to ensure continuation in the event of an IT services disruption.
European Economic Area: Member states of the EU, except Croatia, which is expected to join later, plus Iceland, Liechtenstein and Norway.